How do I manage container runtime policy?

Currently under portal https://qualysguard.qg2.apps.qualys.com/cs/#/configurations/policies/ , I can see only the default policy is available. Under the detail of this policy, 3 tabs are available: network rule/application rule/file rule. Currently, there are no options under each category. The portal doesn't allow the user to create any policies.

Question 1: under what situation can the user allowed to create customized policies? how can those policies be enforced on the host sensors?

Question 2: are there policies that can be applies to images in registries?

Question 3: if the container fails the policy, is there specific API to return this information?